VID 29052
Severity 30
Port 161
Protocol UDP
Class CISCO
Detailed Description The Cisco Gigabit Switch Router (GSR) has an access control bypass and denial of service vulnerability (Cisco Bug ID CSCdp35794). Under certain conditions, this vulnerability can be exploited to circumvent compiled access control lists with a moderate probability of success and to circumvent extended access control lists with a low probability of success. Due to the nature of this vulnerability, it is difficult to predict the exact results of any such exploitation. Improper handling of line card failures in Cisco IOS Software running on all models of Gigabit Switch Routers (GSRs) configured with Gigabit Ethernet or Fast Ethernet cards may cause packets to be forwarded without correctly evaluating configured access control lists (ACLs). In addition to circumventing the access control lists, it is possible to stop an interface from forwarding any packets, thus causing a denial of service.

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so the result might be a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" from the Policy Editor.

* References:
http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml

* Platforms Affected:
Gigabit Switch Router 12008
Gigabit Switch Router 12012
Gigabit Switch Router 12016
All releases of Cisco GSR IOS Software starting with 11.2(15)GS1A
Recommendation Upgrade to one of the fixed Cisco IOS versions: 11.2(19)GS0.2, 12.0(8.0.2)S, 12.0(7)S1, 12.0(7.4)S, 12.0(8.3)SC, 12.0(7)SC.
Upgrades should be obtained through the Software Center on Cisco's worldwide web site at http://www.cisco.com.

For details, see http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml
Related URL CVE-2000-0700 (CVE)
Related URL 1541 (SecurityFocus)
Related URL (ISS)